TCP WRAPPERS



TCP Wrappers is a program that the inet daemon runs before it starts any configured TCP daemon. It offers greater logging capabilities and can restrict access to specific daemons from specific machines. This program increases the security of the box, but because its checks are based on IP addresses and not MAC addresses, it would be very easy for an internal hacker to gain access to the box.



cd /usr/local/bin

gunzip tcp_wrappers_7.4.tar.gz

tar xvf tcp_wrappers_7.4.tar

cd tcp_wrappers_7.4

vi Makefile

REAL_DAEMON_DIR=/usr/sbin    (sunos5 section: add after make statement)
CC=gcc

vi inetcf.c    (change /etc/inet/inetd.conf to /etc/inetd.conf)

make STYLE=-DPROCESS_OPTIONS sunos5 -DHOST_ACCESS


vi /etc/hosts

#
# BDS Ltd Hosts Names
#
127.0.0.1 localhost lh
#
192.168.128.128 User1
192.168.128.129 User2

vi /etc/hosts.allow

in.telnetd: User1 User2 lh
in.ftpd: lh

vi /etc/hosts.deny

ALL : ALL : spawn /usr/local/bin/safe_finger -l @%c | /usr/bin/mailx -s "%d Connection from %c" access@bdsltd.co.uk \
: banners /etc/banners : linger 10

mkdir /etc/banners

vi /etc/banners/in.telnetd

%c

This machine is owned and operated by Business Direct Services Ltd for the exclusive use of Business Direct Services Ltd employees. Your attempt to access this machine is not allowed.

Access to Business Direct Services Ltd computers is logged and monitored. If you use or attempt to use Business Direct Services Ltd systems, you consent to such monitoring and to adhere to Business Direct Services Ltd policies about appropriate use. If you do not agree, then do not attempt use of these systems. Unauthorised use of Business Direct Services Ltd computers may be illegal, and will be prosecuted.

If you have any questions about this message or policy, contact access@bdsltd.co.uk or call during business hours: 01344 460075




ps -aux | grep inetd

kill -HUP <PID>

vi /etc/inetd.conf

ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -d in.ftpd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
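
The order in which tcpd consults the two access files above (hosts.allow first, then hosts.deny, and access granted when neither matches), modelled as an added example that is not part of the original page or of tcp_wrappers. It assumes client names are resolved from the /etc/hosts shown above, handles only literal names and ALL, and the function names are hypothetical. Because the result depends only on the source address, any machine holding 192.168.128.128 is treated as User1.

```python
# Added example: simplified model of the tcpd access decision, not tcpd itself.
# Supports literal names/addresses and ALL only (no LOCAL, netmasks, EXCEPT).
HOSTS = """\
127.0.0.1 localhost lh
192.168.128.128 User1
192.168.128.129 User2
"""
HOSTS_ALLOW = """\
in.telnetd: User1 User2 lh
in.ftpd: lh
"""
HOSTS_DENY = "ALL : ALL\n"  # the page's rule with its spawn/banners/linger options left out


def names_for(ip, hosts_text=HOSTS):
    """Assumption: client names come from the page's /etc/hosts, keyed by source IP."""
    names = {ip}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == ip:
            names.update(name.lower() for name in fields[1:])
    return names


def first_match(rules_text, daemon, client_names):
    """Return the first 'daemons : clients' rule matching this request, else None."""
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            continue
        daemons = parts[0].replace(",", " ").split()
        clients = {c.lower() for c in parts[1].replace(",", " ").split()}
        if ("ALL" in daemons or daemon in daemons) and (
            "all" in clients or client_names & clients
        ):
            return line
    return None


def decide(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match at all grants access."""
    names = names_for(ip)
    if first_match(allow_text, daemon, names):
        return "allow"
    if first_match(deny_text, daemon, names):
        return "deny"
    return "allow"
```

Passing an empty deny_text shows why the ALL : ALL rule in hosts.deny matters: without it, every request that hosts.allow does not list is granted.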

 

Last Updated 28 January 2001



Copyright 1997 - 2005 Business Direct Services Limited. All other trade marks acknowledged.